NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月23日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
247901	6.1	MEDIUM ネットワーク	xiuno	xiunobbs	The editor in Xiuno BBS 4.0.4 allows stored XSS.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15559	2024-11-21 12:51	2018-08-20	表示	GitHub Exploit DB Packet Storm

247902	8.8	HIGH ネットワーク	telus	actiontec_t2200h_firmware	fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field.	CWE-78 OSコマンド・インジェクション	CVE-2018-15553	2024-11-21 12:51	2018-08-20	表示	GitHub Exploit DB Packet Storm

247903	7.5	HIGH ネットワーク	gitlab	gitlab	An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq j…	NVD-CWE-noinfo	CVE-2018-15472	2024-11-21 12:50	2023-04-16	表示	GitHub Exploit DB Packet Storm

247904	7.5	HIGH ネットワーク	tcpdump redhat debian opensuse fedoraproject f5 apple	tcpdump enterprise_linux debian_linux leap fedora traffix_signaling_delivery_controller mac_os_x	The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.	CWE-125 境界外読み取り	CVE-2018-14882	2024-11-21 12:50	2019-10-4	表示	GitHub Exploit DB Packet Storm

247905	5.3	MEDIUM ネットワーク	totemo	totemomail	Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role.	CWE-284 不適切なアクセス制御	CVE-2018-15513	2024-11-21 12:50	2019-08-30	表示	GitHub Exploit DB Packet Storm

247906	6.1	MEDIUM ネットワーク	totemo	totemomail	Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15512	2024-11-21 12:50	2019-08-30	表示	GitHub Exploit DB Packet Storm

247907	6.1	MEDIUM ネットワーク	totemo	totemomail	Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15511	2024-11-21 12:50	2019-08-30	表示	GitHub Exploit DB Packet Storm

247908	6.1	MEDIUM ネットワーク	totemo	totemomail	Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15510	2024-11-21 12:50	2019-08-30	表示	GitHub Exploit DB Packet Storm

247909	7.5	HIGH ネットワーク	loytec	lgate-902_firmware	LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.	CWE-22 パス・トラバーサル	CVE-2018-14918	2024-11-21 12:50	2019-06-29	表示	GitHub Exploit DB Packet Storm

247910	9.1	CRITICAL ネットワーク	loytec	lgate-902_firmware	LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-14916	2024-11-21 12:50	2019-06-29	表示	GitHub Exploit DB Packet Storm

247911	6.5	MEDIUM ネットワーク	odoo	odoo	Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and …	CWE-20 不適切な入力確認	CVE-2018-14887	2024-11-21 12:50	2019-06-29	表示	GitHub Exploit DB Packet Storm

247912	4.9	MEDIUM ネットワーク	odoo	odoo	The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to rea…	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-14886	2024-11-21 12:50	2019-06-29	表示	GitHub Exploit DB Packet Storm

247913	9.8	CRITICAL ネットワーク	odoo	odoo	Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the su…	CWE-284 不適切なアクセス制御	CVE-2018-14885	2024-11-21 12:50	2019-06-29	表示	GitHub Exploit DB Packet Storm

247914	6.1	MEDIUM ネットワーク	loytec	lgate-902_firmware	LOYTEC LGATE-902 6.3.2 devices allow XSS.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14919	2024-11-21 12:50	2019-06-29	表示	GitHub Exploit DB Packet Storm

247915	9.8	CRITICAL ネットワーク	lexmark	cx310_firmware cx410_firmware cx510_firmware xc2132_firmware mx31x_firmware mx41x_firmware mx51x_firmware xm1145_firmware mx61x_firmware xm3150_firmware mx71x_firmware	Various Lexmark devices have a Buffer Overflow (issue 1 of 2).	CWE-119 バッファエラー	CVE-2018-15519	2024-11-21 12:50	2019-06-29	表示	GitHub Exploit DB Packet Storm

247916	9.8	CRITICAL ネットワーク	bubblesoftapps	bubbleupnp	In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnera…	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2018-15506	2024-11-21 12:50	2019-06-20	表示	GitHub Exploit DB Packet Storm

247917	5.3	MEDIUM ネットワーク	synacor	zimbra_collaboration_suite	An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enum…	CWE-200 情報漏えい	CVE-2018-15131	2024-11-21 12:50	2019-05-31	表示	GitHub Exploit DB Packet Storm

247918	9.8	CRITICAL ネットワーク	polycom	group_series hdx pano	An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functional…	CWE-119 バッファエラー	CVE-2018-15128	2024-11-21 12:50	2019-05-13	表示	GitHub Exploit DB Packet Storm

247919	7.5	HIGH ネットワーク	cisco	firepower_threat_defense	A vulnerability in the TCP ingress handler for the data interfaces that are configured with management access to Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote a…	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2018-15462	2024-11-21 12:50	2019-05-4	表示	GitHub Exploit DB Packet Storm

247920	8.6	HIGH ネットワーク	cisco	adaptive_security_appliance_software firepower_threat_defense	A vulnerability in the WebVPN login process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to ca…	CWE-400 リソースの枯渇	CVE-2018-15388	2024-11-21 12:50	2019-05-4	表示	GitHub Exploit DB Packet Storm

247921	7.5	HIGH ネットワーク	bpcbt	smartvista	BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter.	CWE-384 セッションの固定化	CVE-2018-15208	2024-11-21 12:50	2019-05-1	表示	GitHub Exploit DB Packet Storm

247922	7.2	HIGH ネットワーク	bpcbt	smartvista	BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.js…	CWE-269 不適切な権限管理	CVE-2018-15207	2024-11-21 12:50	2019-05-1	表示	GitHub Exploit DB Packet Storm

247923	8.8	HIGH ネットワーク	bpcbt	smartvista	BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf.	CWE-352 同一生成元ポリシー違反	CVE-2018-15206	2024-11-21 12:50	2019-05-1	表示	GitHub Exploit DB Packet Storm

247924	6.1	MEDIUM ネットワーク	polarisft	intellect_core_banking	An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. An open redirect exists via a /IntellectMain.jsp?IntellectSystem= URI.	CWE-601 オープンリダイレクト	CVE-2018-14931	2024-11-21 12:50	2019-05-1	表示	GitHub Exploit DB Packet Storm

247925	8.8	HIGH ネットワーク	polarisft	intellect_core_banking	An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occur via a /CollatWebApp/gcmsRefInsert?name=SUPP URI.	CWE-352 同一生成元ポリシー違反	CVE-2018-14930	2024-11-21 12:50	2019-05-1	表示	GitHub Exploit DB Packet Storm

247926	7.5	HIGH ネットワーク	coolpad t-mobile	defiant_firmware revvl_plus_firmware	The Coolpad Defiant (Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys) and the T-Mobile Revvl Plus (Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildf_nj_02-206:user/release…	CWE-20 不適切な入力確認	CVE-2018-15003	2024-11-21 12:50	2019-04-26	表示	GitHub Exploit DB Packet Storm

247927	6.3	MEDIUM ローカル	vivo	v7_firmware	The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.smartshot (versionCode=1, v…	NVD-CWE-noinfo	CVE-2018-15000	2024-11-21 12:50	2019-04-26	表示	GitHub Exploit DB Packet Storm

247928	9.1	CRITICAL ネットワーク	leagoo	p1_firmware	The Leagoo P1 device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.wtk.facto…	NVD-CWE-noinfo	CVE-2018-14999	2024-11-21 12:50	2019-04-26	表示	GitHub Exploit DB Packet Storm

247929	5.5	MEDIUM ローカル	leagoo	p1_firmware	The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains the android framework (i.e., system_server) with a packag…	NVD-CWE-noinfo CWE-862 認証の欠如	CVE-2018-14997	2024-11-21 12:50	2019-04-26	表示	GitHub Exploit DB Packet Storm

247930	7.8	HIGH ローカル	oppo	f5_firmware	The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod (ve…	NVD-CWE-noinfo	CVE-2018-14996	2024-11-21 12:50	2019-04-26	表示	GitHub Exploit DB Packet Storm

247931	7.5	HIGH ネットワーク	essential	phone_firmware	The Essential Phone Android device with a build fingerprint of essential/mata/mata:8.1.0/OPM1.180104.166/297:user/release-keys contains a pre-installed platform app with a package name of com.ts.andr…	CWE-20 不適切な入力確認	CVE-2018-14994	2024-11-21 12:50	2019-04-26	表示	GitHub Exploit DB Packet Storm

247932	7.8	HIGH ローカル	asus	zenfone_v_live_firmware zenfone_3_max_firmware	The ASUS Zenfone V Live Android device with a build fingerprint of asus/VZW_ASUS_A009/ASUS_A009:7.1.1/NMF26F/14.0610.1802.78-20180313:user/release-keys and the Asus ZenFone 3 Max Android device with …	NVD-CWE-noinfo	CVE-2018-14993	2024-11-21 12:50	2019-04-26	表示	GitHub Exploit DB Packet Storm

247933	9.8	CRITICAL ネットワーク	coolpad t-mobile	defiant_firmware revvl_plus_firmware zte_zmax_pro_firmware	The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/2017…	CWE-20 不適切な入力確認	CVE-2018-14991	2024-11-21 12:50	2019-04-26	表示	GitHub Exploit DB Packet Storm

247934	7.5	HIGH ネットワーク	coolpad t-mobile	defiant_firmware revvl_plus_firmware zte_zmax_pro_firmware	The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/2017…	CWE-20 不適切な入力確認	CVE-2018-14990	2024-11-21 12:50	2019-04-26	表示	GitHub Exploit DB Packet Storm

247935	7.5	HIGH ネットワーク	plum-mobile	compass_firmware	The Plum Compass Android device with a build fingerprint of PLUM/c179_hwf_221/c179_hwf_221:6.0/MRA58K/W16.51.5-22:user/release-keys contains a pre-installed platform app with a package name of com.an…	CWE-20 不適切な入力確認	CVE-2018-14989	2024-11-21 12:50	2019-04-26	表示	GitHub Exploit DB Packet Storm

247936	5.5	MEDIUM ローカル	sony	xperia_l1_firmware	The Sony Xperia L1 Android device with a build fingerprint of Sony/G3313/G3313:7.0/43.0.A.6.49/2867558199:user/release-keys contains the android framework (i.e., system_server) with a package name of…	CWE-20 不適切な入力確認	CVE-2018-14983	2024-11-21 12:50	2019-04-26	表示	GitHub Exploit DB Packet Storm

247937	7.1	HIGH ローカル	asus	zenfone_3_max_firmware	The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains the android framework (i.e., system_s…	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-14980	2024-11-21 12:50	2019-04-26	表示	GitHub Exploit DB Packet Storm

247938	7.8	HIGH ローカル	cyberark	endpoint_privilege_manager	CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications.	CWE-269 不適切な権限管理	CVE-2018-14894	2024-11-21 12:50	2019-04-10	表示	GitHub Exploit DB Packet Storm

247939	6.1	MEDIUM ネットワーク	qasymphony	qtest_manager	qTest Portal in QASymphony qTest Manager 9.0.0 has an Open Redirect via the /portal/loginform redirect parameter.	CWE-601 オープンリダイレクト	CVE-2018-15180	2024-11-21 12:50	2019-04-3	表示	GitHub Exploit DB Packet Storm

247940	7.5	HIGH ネットワーク	five9	agent_desktop_plus	Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing a remote attackers to cause a denial of service via opening a connection on port 8083 to a device running the Five9 SoftPhone(is…	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-15508	2024-11-21 12:50	2019-03-22	表示	GitHub Exploit DB Packet Storm

247941	8.1	HIGH ネットワーク	ysoft	safeq_server_client	YSoft SafeQ Server 6 allows a replay attack.	CWE-294 Capture-replayによる認証回避	CVE-2018-15498	2024-11-21 12:50	2019-03-22	表示	GitHub Exploit DB Packet Storm

247942	9.8	CRITICAL ネットワーク	five9	agent_desktop_plus	Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-15509	2024-11-21 12:50	2019-03-18	表示	GitHub Exploit DB Packet Storm

247943	9.8	CRITICAL ネットワーク	uvnc	ultravnc	UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vu…	CWE-787 境界外書き込み	CVE-2018-15361	2024-11-21 12:50	2019-03-6	表示	GitHub Exploit DB Packet Storm

247944	8.8	HIGH 隣接	cisco	hyperflex_hx_data_platform	A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insuffic…	CWE-78 OSコマンド・インジェクション	CVE-2018-15380	2024-11-21 12:50	2019-02-21	表示	GitHub Exploit DB Packet Storm

247945	8.6	HIGH ネットワーク	dlink	central_wifimanager	The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, le…	CWE-918 サーバサイドリクエストフォージェリ	CVE-2018-15517	2024-11-21 12:50	2019-02-1	表示	GitHub Exploit DB Packet Storm

247946	5.8	MEDIUM ネットワーク	dlink	central_wifimanager	The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.	CWE-918 サーバサイドリクエストフォージェリ	CVE-2018-15516	2024-11-21 12:50	2019-02-1	表示	GitHub Exploit DB Packet Storm

247947	7.8	HIGH ローカル	dlink	central_wifimanager	The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which a…	NVD-CWE-noinfo	CVE-2018-15515	2024-11-21 12:50	2019-02-1	表示	GitHub Exploit DB Packet Storm

247948	5.3	MEDIUM ネットワーク	titanhq	spamtitan	TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requ…	CWE-20 不適切な入力確認	CVE-2018-15136	2024-11-21 12:50	2019-01-31	表示	GitHub Exploit DB Packet Storm

247949	7.2	HIGH ネットワーク	cisco	identity_services_engine	A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vuln…	NVD-CWE-noinfo	CVE-2018-15459	2024-11-21 12:50	2019-01-24	表示	GitHub Exploit DB Packet Storm

247950	6.1	MEDIUM ネットワーク	cisco	identity_services_engine	A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the imp…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15455	2024-11-21 12:50	2019-01-24	表示	GitHub Exploit DB Packet Storm